<?php

/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2019/8/22
 * Time: 16:45
 */
class PDO操作mysql不注意的话依然存在SQL注入
{

}
$dbh = new PDO("mysql:host=localhost; dbname=demo", "user", "pass");
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbh->exec("set names 'utf8'");
$sql="select * from test where name = ? and password = ?";
$stmt = $dbh->prepare($sql);
$exeres = $stmt->execute(array($name, $pass));